logoalt Hacker News

bfleschtoday at 7:16 AM2 repliesview on HN

Creative use of social engineering, well done.

> "no bounty was awarded"

Ridiculous. Anthropic engineers are not just stupid to allow such a vuln in the first place, but they also try to hide such vulns from their bosses because a bounty payout would need to be explained to the finance team.


Replies

kennywinkertoday at 7:26 AM

I don’t think it counts as social engineering if it’s exploiting an llm, we might need a new word. Prompt injection doesn’t cover it, because it’s not about a malicious prompt.

I’m thinking some play on highjacking. AIjacking? Agent-jacking? Claudejacking?

show 4 replies
Perz1valtoday at 8:01 AM

> social engineering

More like agentic en... Oh. Was it actually what we were doing all along?

show 1 reply